1. Field
Various embodiments pertain to digital data compression and particularly to a method for securely extending a key stream to encrypt high-entropy data.
2. Background
There are a number of applications that use very high data throughput and secure encryption. One example is Digital Cinema where a high-value content stream is encrypted at high speeds (e.g., hundreds of megabits per second). The encryption operation is expensive in terms of computation, hardware assistance, and/or processing resources. There are obvious advantages to reducing the operational cost of encryption. Many security implementations either accept the penalty of more expensive encryption or settle for using an inferior (i.e., less secure) encryption algorithm. For example, the expense of encryption can be reduced by computing a weaker encryption key, but this, risks exposes the encrypted information.
Stream cipher implementations are configured to generate a key stream with which a data stream is encrypted (e.g., each data bit is encrypted by a key stream bit). However, due to the hardware and/or processing costs of generating the key stream, the number of bits generated by the key stream during a period of time may be limited to N bits/second (e.g., 10 Kbits/second). Thus, the amount of data that can be securely encrypted in some encryption schemes is limited to N bits/second.
To increase the amount of data that can be encrypted during a period of time, or for other reasons, some applications may compress the data prior to encryption. Even with compression, the length of data to be encrypted in a particular time period may occasionally exceed the length of the key stream that can be generated. For example, time-sensitive applications, such as digital cinema, may generate a key stream at N bits/second (10 Kbits/second) and use it to synchronously encrypt up to N bits/second of compressed data. However, in some instances, the compressed data may exceed N bits/second. That is, the compression algorithm may not be able to compress certain data sufficiently. Since the compressed data length generated during a particular period of time exceeds the key stream length for the same period of time, the data cannot be securely encrypted.
Thus, a way is needed to securely and efficiently encrypt data that is longer than the generated key stream.